Microsoft's Internet and Security Acceleration Server 2000 has impressive management capabilities, but Release Candidate 1 performed only moderately well against hacking tools in eWEEK Labs' tests.
We tested the ISA Server 2000 using two popular free open-source network attack tools, Nessus.org's Nessus 1.0.5 and Insecure.org's NMAP 2.53. Both hacking tools revealed open-port vulnerabilities, but these weaknesses were minor ones that likely wouldn't cause real damage to a network: ISA Server 2000 blocked the most threatening attacks.
Microsoft officials said they plan to address these issues before the final release, which is slated for the end of the year. Prices were not available at press time. In tests, ISA Server 2000 had impressive management capabilities, and its support for third-party security devices will suit the security needs of large companies migrating to Windows 2000.
Microsoft's previous security arrangements have been one-tier proxy servers. The proxy server for Windows NT offered poor performance, few configuration options and a difficult management interface, forcing network administrators to look to third parties for better security.
ISA Server 2000, in contrast, takes advantage of system cache, firewall and intrusion detection and provides a centralised management interface. Large enterprises and e-commerce sites migrating to Windows 2000 should take a serious look at ISA Server 2000. This two-tier proxy server with a firewall and Web cache server provides stronger security and management than previous Microsoft proxy servers.
ISA Server 2000's centralised MMC (Microsoft Management Console), with its policy-based administration tool, allowed us to manage firewall and cache infrastructures from one location, thus reducing network complexity and lowering cost of ownership.
ISA Server 2000's Active Directory integration is a critical feature that allows administrators to store user, rules and configuration information in a central location.
In tests, it enabled us to share schemata, implement caching arrays, automatically adopt enterprise settings, access policies, publish policies and monitor configurations.
The integrated cache is divided into four categories: high-performance Web caching, smart caching, scheduled caching, and distributed and hierarchical caching. High-performance Web caching is done with fast RAM caching and efficient disk operations. Smart caching is achieved by proactively caching popular objects based on how long an object has been cached and when the object was last retrieved.
Scheduled caching helps organisations preload the cache with entire Web sites on a defined schedule to ensure the freshest cache content to every user. Distributed and hierarchical caching distribute content caching among an array of ISA Server computers, enabling clients to access the cache closest to them for fast, reliable performance. We tested the release candidate of ISA Server 2000 on an intranet that included a server running Windows 2000 and an ISA Server 2000, a Web server, two clients and an external attacking client. To run ISA Server 2000, Service Pack 1 for the Windows 2000 Advanced Server must be installed, and the drive must be partitioned for NT File Server.
Step-by-step instructions and policy wizards made setup a snap, and we easily secured the network to the desired level for both the firewall and Web cache server.
